app:tlsfingerprint
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
app:tlsfingerprint [2017/11/29 23:02] – [What is TLS Fingerprinting] veera | app:tlsfingerprint [2018/03/04 13:27] (current) – veera | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ~~Title: | + | ~~Title: |
====== TLS Fingerprinter ====== | ====== TLS Fingerprinter ====== | ||
Line 45: | Line 45: | ||
==== Analysis of TLS Fingerprints ==== | ==== Analysis of TLS Fingerprints ==== | ||
- | What are you going to do with these prints. There are a few options | + | There are two actionable things |
+ | |||
* **Malware prints** | * **Malware prints** | ||
* **Anomaly detection** : If you can track known prints,then you can build a large Database over a period of time. After that you can send unseen prints into a " | * **Anomaly detection** : If you can track known prints,then you can build a large Database over a period of time. After that you can send unseen prints into a " | ||
- | |||
- | In both analysis paths,we think TLS Prints is a valuable piece of intel, especially given we are moving to pervasive TLS. | ||
- | |||
- | Lets look at what you can do with TrisulNSM and the new TLS Prints App. | ||
Line 101: | Line 97: | ||
===== Programatically resolving TLS Prints ===== | ===== Programatically resolving TLS Prints ===== | ||
- | This App dumps all fingerprints along with the parameters used to compute them into a log file. This allows us to programatically resolve unknown fingerprints. | + | This App dumps all fingerprints along with the parameters used to compute them into a log file. This allows us to programatically resolve unknown fingerprints. We released a TRP Ruby script to [[app: |
app/tlsfingerprint.1511976748.txt.gz · Last modified: 2017/11/29 23:02 by veera